Cybercriminals have found a way to break into online accounts using mobile phone numbers. They can take over your mobile phone account, which then allows them to intercept your two-factor authentication verification codes. With these, they can access your bank, credit card and other accounts. Learn how to keep your phone number from being ported by criminals.
It’s called the port-out scam. Essentially the scammers are taking advantage of porting that allows you to take your phone number with you when you change wireless carriers.
Carriers must comply with your request to port your phone number. They’ll do so as long as the person making the request can verify their identity.
However, today, there are many ways that hackers can get your identity information online. If they have enough information about you to convince your wireless phone company that they are you, they can have your phone service transferred to their mobile device. They can do this online or by visiting the wireless store.
You won’t notice that your number has been ported right away, so this gives hackers time to access your online accounts. Eventually, you won’t be able to make or receive calls. When this happens, you’ll probably contact your phone company. This is when you’ll learn that your number has been ported illegally.
Lorrie Cranor, FTC Chief Technologist, even had her number hijacked. She shares her personal experience with this.
“A few weeks ago an unknown person walked into a mobile phone store, claimed to be me, asked to upgrade my mobile phones, and walked out with two brand new iPhones assigned to my telephone numbers. My phones immediately stopped receiving calls, and I was left with a large bill and the anxiety and fear of financial injury from identity theft. This post describes my experiences as a victim of ID theft, explains the growing problem of phone account hijacking, and suggests ways consumers and mobile phone carriers can help combat these scams.”
Call your wireless carrier and ask for PIN authentication for your wireless account. Some carriers like Sprint require you to create a PIN when you open a new account.
Here’s what Fraud.org says to do:
This scam can be financially devastating to its victims, but there are several steps you can take to prevent the scam from happening in the first place:
“Contact your carrier and ask them to add a unique personal identification number (PIN) to your account. This PIN number will need to be provided any time you wish to make a change to your account, including upgrading your cell phone. This extra layer of security will help stem any would-be scammer from running the port-out scam on your phone. The process for adding a PIN depends on your provider. See below for details on how to add an account PIN for each of the four major national wireless providers:
For those who want to go one step further, Fraud.org has this recommendation: See if your accounts that use two-factor authentication offer an app-based way, such as Authy or Google Authenticator, to receive that one-time verification code.”
The CTIA Wireless Association, a trade association representing the wireless communications industry, also issued a news release earlier this month: Protecting your accounts against number porting.
They advise that:
“If you stop receiving calls or texts, and you don’t know why, contact your wireless provider immediately. Even if you don’t use your mobile device often, you should check regularly for provider and account alerts.”
Wireless phone companies are warning their customers about this scam. They are encouraging customers to add a port validation feature to their accounts by using a PIN.
Brian Rexroad, VP Security Platforms at AT&T, provides more tips to keep your phone number secure:
As an added layer of security on your landline, you can add a PIC freeze or Primary InterExchange Carrier Freeze. A PIC freeze prevents unauthorized account changes without customer approval. If a port out request is submitted, the PIC freeze feature tells the new provider no change can be made until the customer removes the freeze. If it’s a legitimate request, the PIC freeze can be quickly and easily removed with the proper authentication.”
Did you find this article helpful? If so, check out others on our Blog.